OMB orders privacy policies on federal Web sites

The Office of Management and Budget this week ordered federal agencies to post clear privacy policies on their World Wide Web home pages by Sept. 1.

By Dec. 1, agencies must add privacy policies to all other high traffic areas of their sites, as well as any Web page on which the agencies collect personal information from the public.

"Each policy must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it, and how the agency will use it," OMB Director Jacob J. Lew said in a June 2 memorandum to agency heads. "Privacy policies must be clearly labeled and easily accessed when someone visits a Web site."

The Federal Trade Commission has been urging private companies to develop privacy policies for their Web sites. Peter P. Swire, the Clinton administration's recently appointed privacy czar, is overseeing the internal government effort. Swire is heading an interagency steering committee for federal privacy policies.

The committee has developed guidance and model privacy policies, which have been posted on the Chief Information Officers Council Web site at cio.gov/m9918.htm.

The Center for Democracy and Technology, a Washington-based online privacy advocacy group, found that only one-third of federal agencies had privacy policy notices on their sites in a study this spring.

Ari Schwartz, a policy analyst for the center, gave OMB's memorandum good marks.

"It's the kind of guidance we were looking for to come out of this process," Schwartz said. "Now we'll see in September how agencies react to it. Three months should give agencies plenty of time to get a statement up there."

The OMB order follows on a May 1998 memorandum from President Clinton in which he urged agencies to appoint senior privacy officials and review their procedures for ensuring privacy protection on the Internet and elsewhere.